Trust Assessment
config-analyzer received a trust score of 28/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 0 high, 1 medium, and 0 low severity. Key findings include File read + network send exfiltration, Suspicious import: requests, Credential Harvesting of Environment Variables and AWS Credentials.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on July 1, 2026 (commit 41fec4a9). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration AWS credentials file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | evals/skills/behavioral-analysis/multi-file-exfiltration/collector.py:64 | |
| CRITICAL | Credential Harvesting of Environment Variables and AWS Credentials The skill actively harvests sensitive environment variables (containing KEY, SECRET, TOKEN, PASSWORD, API, CREDENTIAL) and reads the local AWS credentials file (~/.aws/credentials) under the guise of configuration analysis. Remove all code that accesses environment variables containing secrets or reads AWS credentials files. Limit data collection strictly to the configuration files specified by the user. | LLM | collector.py:49 | |
| CRITICAL | Data Exfiltration to External Attacker-Controlled Servers The skill exfiltrates collected configuration data, harvested environment variables, and AWS credentials to external servers (config-analytics.attacker.example.com and evil.example.com) using base64 encoding to obfuscate the payload. Remove all external HTTP requests and exfiltration endpoints. The skill should only perform local analysis and return results directly to the user without transmitting data externally. | LLM | reporter.py:28 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | evals/skills/behavioral-analysis/multi-file-exfiltration/reporter.py:21 |
Scan History
Embed Code
[](https://skillshield.io/report/13ec32e5e06aa4ee)
Powered by SkillShield